(54) Digital signature or electronic seal authentication system and recognized mark management program



(57) A mark management server (101) for certifying digital data based on a digital mark to enable realization of identity authentication and data certification when the digital data is transmitted or received on a network (120A, 120B, 108). The server includes a mark management processor (221) for receiving a mark registration request demanding a new registration or updating of the mark from a mark terminal device (111), embedding identity authentication information obtained by encrypting information for identity authentication of a request originator with use of a cryptograph key in a mark design of the request originator to create a mark, and distributing the created mark to the request originator together with a decoding key for decoding of the identity authentication information attached thereto, and a mark decoding key management processor for registering the decoding key for decoding of the encrypted identity authentication information in a mark decoding key management DB and transmitting the registered decoding key to the associated mark terminal device (111).
Description

[0001] The present invention relates generally to a digital mark authentication system for certifying digital data based on an electronic mark and, more particularly, to a technique which can be effectively applied to a digital mark authentication system for certifying digital data by a digital mark indicative of an imprint of a seal or a signature. JP-A-10-11509 specification discloses a document security system.

[0002] As commercial transactions increasingly spread over the network, a technique for confirming the truth of information transmitted on the network has become important. Identity authentication systems for distinguishing a person from an unauthorized third party, that is, for authenticating personal identification, include a system utilizing a possession such as a passport or a credit card, a system utilizing a biometric such as a fingerprint, voice print or holograph, and a system utilizing secret information such as a password or digital signature. However, when application of such systems is limited to the network, the systems utilizing a possession or secret information are generally used.

[0003] With respect to confirming whether information has been tampered with in the course of transmission, in secure electronic transactions (SET), used for safe credit settlement of accounts in electronic commerce (EC) utilizing the Internet, authentication of the card's possessor is carried out based on a digital signature. The digital signature is usually a cipher document obtained by encrypting a compressed document or message to be transmitted with use of a sender's cryptograph key, and the cipher document can be decoded into the original compressed document with use of the sender's decode key (public key). That is, the document receiver can conduct document authentication, that is, can confirm that the message has not been tampered with, by comparing the compressed document obtained from the received message with the compressed document decoded with use of the accepted digital signature.

[0004] The receiver of digital data such as a document cannot confirm the truth of the digital data or its sender only by looking at the digital data. In the real world, you can rest assured by looking at a seal affixed upon a paper. However, such a digital signature cannot give you a feeling of security even if you look at it.

[0005] Meanwhile, in a conventional electronic seal system, an imprint of a seal recognizable by looking at it can be used. However, the imprint of a seal per se is a mere design. For this reason, in order to confirm a sender of digital data such as a document, it has been necessary for the receiver of the digital data to examine a history of log information or the like.

[0006] It is therefore an object of the present invention to provide a technique which can solve the above problems in the prior art and can realize authentication or data authentication when digital data is sent or received.

[0007] Another object of the present invention is to provide a technique for authenticating a sent message containing a visible mark recognizable by human eyes.

[0008] In accordance with an aspect of the present invention, there is provided a digital mark certification system for providing a mark for data certification based on a digital mark, which comprises:

a mark management processor (221) for embedding certification information of a mark creation demander in a demander's mark design to create a visible mark on a display in response to demander's request; and

a mark distributor (200-222) for distributing a decoding key for decoding of the mark and the visible mark to a demander's terminal device.

[0009] It is visually recognized that the certification information is embedded in the created mark. The certification information can be obtained by encrypting information including a demander's feature with use of a cryptograph key. It is possible to embed in the mark either both the whole encrypted certification information and the original (non-encrypted) certification information, or both the original certification information and the digital signature of the original certification information.

[0010] In response to the mark updating request, the mark management processor (221) can encrypt information including demander's other feature with use of the cryptograph key to create demander's other certification information, and can embed the other certification information in the demander's mark design to create the mark.

[0011] In accordance with another aspect, there is provided a terminal device for attaching a mark for data certification based on a digital mark to digital data, which terminal device comprises:

a mark processor (312) for transmitting a mark creation request to a digital mark certification system, for receiving from the system a mark obtained by encrypting information including demander's feature with use of a cryptograph key and embedding the certification information in demander's mark design, and for storing the mark therein;

a decoding key database (315) for receiving and storing a decoding key for decoding of the mark; and

a transmitter (303) for encrypting log information on the digital data with use of the cryptograph key, embedding the encrypted log information in the mark, and transmitting the mark together with the digital data.

[0012] In accordance with yet a further aspect of the present invention, there is provided a certification system for certifying data based on a digital mark, which comprises:

a mark management processor (221) for embedding certification information of a mark creation demander in a demander's mark design to create a visible mark on a display in response to demander's request;

a mark distributor (200-222) for distributing a decoding key for decoding of the mark and the visible mark to a demander's terminal device; and

a transmitter (303) for encrypting log information on the digital data with use of the cryptograph key, embedding the encrypted log information in the mark, and transmitting the mark together with the digital data.

[0013] The mark certification processor of the electronic mark authentication system for certifying digital data based on a mark indicative of a seal image or a signature can attach to the digital data a mark obtained by embedding identity authentication information and digital data certification information in a mark design and can perform the digital data certification with use of the certification information in the mark.

[0014] When a mark registration processor of the mark terminal device in the present invention transmits to the mark management server a mark registration request demanding a new registration or updating of a mark such as an electronic seal, the mark management processor of the mark management server receives the mark registration request, embeds identity authentication information obtained by encrypting information for identification of the request originator with use of a cryptograph key in a mark design such as a seal image design to create a mark, attaches a decoding key for decoding of the identity authentication information to the created mark, and distributes the key-attached mark to the request originator.

[0015] A mark decoding key management processor of the mark management server registers the decoding key for decoding of the encrypted identity authentication information in a mark decoding key management DB, and transmits the registered decoding key to the associated mark terminal device.

[0016] The mark registration processor of the mark terminal device accepts the mark from the mark management processor of the mark management server. A decoding key storage processor of the mark terminal device receives the decoding key from the mark digital data management processor and stores the decoding key in a digital data DB.

[0017] With respect to digital data such as a document having a mark attached thereto, a mark attachment processor of the mark terminal device encrypts digital data certification information containing its featured information and a mark attachment serial number with use of a cryptograph key unique to the user, embeds the encrypted digital data certification information and mark attachment serial number in the mark having the identity authentication information of the user sending the digital data embedded therein, and attaches the mark at a selected position of the digital data. It is possible to embed in the mark either both the whole encrypted certification information and the original (non-encrypted) certification information, or both the original certification information and the digital signature of the original certification information.

[0018] When the digital data with the mark attached is transmitted to the mark terminal device of another user in such a manner as mentioned above, a mark certification processor of the mark terminal device extracts the identity authentication information from the mark attached to the digital data, and collates the decoding key attached for decoding of the identity authentication information with an associated decoding key previously stored in the decoding key DB. When determining a coincidence between the decoding keys, the mark certification processor decodes the identity authentication information extracted from the mark with use of the decoding key and displays it. When determining a non-coincidence between the decoding keys, the mark certification processor displays an error message.

[0019] The mark certification processor of the mark terminal device also extracts the digital data certification information from the mark attached to the digital data, decodes the extracted digital data certification information with use of the decoding key, extracts featured information from the digital data having the mark attached thereto, and compares the featured information extracted from the digital data with the featured information in the digital data certification information. When determining a coincidence between the featured information, the mark certification processor displays the digital data certification information; whereas, when determining a non-coincidence therebetween, the mark certification processor displays an error message.

[0020] As has been mentioned above, since the electronic mark authentication system of the present invention attaches to digital data a mark having the identity authentication information and digital data certification information embedded therein and certifies the digital data with use of the certification information in the mark, the system can realize the identity authentication and data certification while securing visuality of a matter symbolic of the data sender when the digital data is transmitted and received on a network.

Fig. 1 schematically shows an arrangement of an electronic seal authentication system in accordance with an embodiment of the present invention;
Fig. 2 schematically shows an arrangement of a seal mark management server 101 in the present embodiment;
Fig. 3 schematically shows an arrangement of an employee terminal 111 in the present embodiment;
Fig. 4 shows an example of data of a seal mark management database (DB) 210 in the present embodiment;
Fig. 5 shows an example of data of a seal mark public key management DB 211 in the present embodiment;
Fig. 6 shows an example of authentication data in the present embodiment;
Fig. 7 shows an example of document authentication data in the present embodiment;
Fig. 8 shows examples of seal images and seal marks in the present embodiment;
Fig. 9 shows an image example on an initial display screen in the present embodiment;
Fig. 10 is a flowchart showing a procedure of seal mark registering operations in the present embodiment;
Fig. 11 is a flowchart showing a procedure of seal mark imprinting operations;
Fig. 12 shows images of processing display screens associated with a processing flow of Fig. 11 in the present embodiment;
Fig. 13 is a flowchart showing a procedure of authentication operations in the present embodiment;
Fig. 14 shows images of the processing display screens associated with a processing flow of Fig. 13 in the present embodiment;
Fig. 15 is a flowchart showing a procedure of document authentication operations in the present embodiment; and
Fig. 16 shows images of the processing screens associated with a processing flow of Fig. 15 in the present embodiment.

[0021] Explanation will be made as to an electronic mark authentication system for performing authentication and document certification with use of a digital signature or a seal in a corporation intra-network and in an inter-corporation network in accordance with an embodiment of the present invention.

[0022] Fig. 1 schematically shows an arrangement of a digital mark authentication system in accordance with the present embodiment. The electronic mark authentication system of the present embodiment is used by a plurality of system managers 100A to 100B (which will sometimes be referred to merely as the system manager 100, hereinafter) for managing seal marks or signature marks and by a plurality of employees 110A to 110B (which will sometimes be referred to merely as the employee 110, hereinafter). In the system, as shown in Fig. 1, a mark management server 101A (which will sometimes be referred to merely as the mark management server 101, hereinafter) and an employee terminal 111A (which will sometimes be referred to merely as the employee terminal 111, hereinafter) are mutually connected through a communication network 120A such as a corporation intranet (which network will sometimes be referred to merely as the communication network 120, hereinafter). Also connected to the communication network 120 is a system or client terminal of a BB corporation similar to the above through the Internet 108.

[0023] The mark used herein refers to a mark such as a seal or a signature, which is in the form of an image design and which may have an image design shape more redundant or unclear than usual types used in documents, which is visual image data containing an element indicative of mark user's identity, and which is used to confirm whether or not an unauthorized person or third party impersonates its authorized user to affix the seal mark or to affix a signature upon a document (which confirmation will also be referred to merely as the identity authentication, hereinafter) and to confirm whether or not the document having the seal or signature affixed thereupon is falsified (which confirmation will also be referred to merely as the document certification, hereinafter). The image design may be more redundant than type encoded information.

[0024] The mark management server 101 acts to perform the identity authentication or document certification in a corporation intra-network or inter-corporation network transactions managed by the system manager 100. The mark management server 101, in response to a request from the employee 110, registers a mark in a mark management DB (to be explained later) as information necessary for its authorized user's identity authentication. At this time, the design of the mark can be freely created by the employee 110 in such a manner as to digitize an actual seal image, signature, face picture, etc. by means of a scanner, but in order to prevent illegal registration, its creator is checked by the employee ID or the like.

[0025] The employee 110 creates documents or the like necessary for business with use of the employee terminal 111 or conducts data transfer with the system manager 100. Each mark is managed by the employee terminal 111. When a modification of information contained in a seal or signature such as corporation's section is requested by its creator, the system manager 100 updates the mark and transmits the updated mark to the employee terminal 111. A screen image 112 shows an example of a display screen when digital data with a seal mark is displayed.

[0026] Fig. 2 schematically shows an arrangement of the mark management server 101 in the present embodiment. The mark management server 101 of the present embodiment includes a mark management processor 221 and a mark public key management processor 222, as shown in Fig. 2.

[0027] The mark management processor 221 receives a mark registration request demanding new registration or updating of a mark from the employee terminal 111 via the communication network 120A, creates a mark by embedding identity authentication information obtained by encrypting information for identity authentication of the request originator by a secret key into the seal image or signature design of the request originator by an electronic watermarking technique (which will be explained later), attaches a public key for decoding of the identity authentication information to the created mark, and then distributes it to the request originator.

[0028] The mark public key management processor 222 registers the public key for decoding of the encrypted identity authentication information in the seal mark public key management DB 211, and transmits the registered public key to the employee terminal 111.

[0029] A program for causing the mark management server 101 to function as the mark management processor 221 and mark public key management processor 222 may be stored in a recording medium such as a CD-ROM and then recorded in a magnetic disk or the like and then loaded in a memory to be executed. The medium for recording the program therein may be a medium other than the CD-ROM.

[0030] As shown in Fig. 2, the mark management server 101 in the present embodiment includes a display unit 201, an input device 202, a communication network interface 203, a mark management DB interface 204, a mark public key management DB interface 205, a mark log management DB interface 206, a storage device 207, a CPU 208 and a memory 209, these devices being interconnected by means of a bus 200. Also connected to the mark management server 101 as external storage devices are a mark management DB 210, a mark public key management DB 211 and a mark log management DB 212.

[0031] The display unit 201, which comprises a CRT, a liquid crystal display or the like, is used to display messages to the system manager 100 using the mark management server 101. The input device 202 is used for the system manager 100 using the mark management server 101 to enter data or an instruction. The communication network interface 203 functions to perform data transfer with the employee terminal 111 or the mark management server 101B of another corporation via the communication network 120.

[0032] The mark management DB interface 204 performs data transfer with the mark management DB 210. The mark management DB 210 manages data including employee IDs, seal/signature IDs and seal images/signatures as associated therewith, for example, as shown in Fig. 4.

[0033] The mark public key management DB interface 205 performs data transfer with the mark public key management DB 211. The mark public key management DB 211 manages data including mark managers of information system management sections, etc. of transacting corporations and public keys for identity authentication thereof as associated therewith, for example, as shown in Fig. 5.

[0034] The mark log management DB interface 206 is provided to perform data transfer with the mark log management DB 212. The mark log management DB 212 manages document certification data embedded in marks when the marks are affixed upon digital data at the employee terminal 111 as associated therewith, for example, as shown in Fig. 7.

[0035] The storage device 207, which comprises a 
hard disk, floppy disk or the like, is used to permanently 
store therein a program or data to be used in the mark 
management server 101. 

[0036] The CPU 208 performs general control over the constituent elements of the mark management server 101 or performs various types of calculations. The memory 209 temporarily stores therein programs necessary for processing the above operations by the CPU 208 such as an operating system (OS) 220, mark management processor 221 and mark public key management processor 222.

[0037] In this case, the OS 220 is a program for realizing functions of file management, process management and device management to control the entire mark management server 101.

[0038] The mark management processor 221 determines whether or not a mark registration/modification request issued from the employee terminal 111 is an illegal request from a third party, embeds the identity authentication information in the transmitted signature or seal image design or in the design managed by the mark management DB 210 when determining the request is legal, updates the mark management DB 210 based on the embedding operation, transmits the mark to the request originator, and stores log information transmitted at the time of affixing the seal mark in the mark log management DB 212.

[0039] It is assumed that the mark management DB 210 can be updated only by an authorized person. In this connection, the identity authentication information to be embedded in the design is as shown in Fig. 6. A technique for embedding specific information in image data is known as "electronic watermarking". There are two ways of watermarking: invisible watermarking, which embeds information in such a manner that a human cannot distinguish it, and visible watermarking, which embeds information in such a manner that a human can see it. It is true that invisible watermarking has a limitation in the quantity of information that can be embedded, but it can be valid in not a few cases. More specifically, so long as the mark image can convey what it means by its symbol or matter, that is, so long as we can know what the mark tells us, the design can be somewhat modified without trouble. In such a case, a considerable amount of information can be embedded by combining the above visible and invisible watermarking methods as shown in Fig. 8.

[0040] The mark public key management processor 222 confirms a sender of a mark affixed upon a digital document outside the corporation, that is, registers and manages a public key necessary for the identity authentication in the mark public key management DB 211, transmits a new public key to the public key DB connected to the employee terminal 111 when the new public key is registered in the mark public key management DB 211, and, in the presence of a public key transmission request, transmits the corresponding public key to the request originator.

[0041] It is also assumed that, when receiving a public key from a corporation outside my corporation, for the purpose of preventing a third party from impersonating the system manager 100 of my corporation, my corporation performs the identity authentication of the public key sender and then accepts the public key stored in a floppy disk (FD) or the like.

[0042] Fig. 3 schematically shows an arrangement of the employee terminal 111 in the present embodiment. As shown in Fig. 3, the employee terminal 111 of the present embodiment has a mark registration processor 312, a mark sealing processor 313, a mark certification processor 314 and a public key storage processor 315.

[0043] The mark registration processor 312 transmits a mark registration request for new registration or updating of a mark to the mark management server 101, and accepts from the mark management server 101 a mark created by embedding, in the design of the request originator, identity authentication information obtained by encrypting information for authentication of the request originator with use of a secret key.

[0044] The mark sealing processor 313 encrypts document certification information containing featured data of a document having a mark affixed thereupon as well as a serial number with use of a secret key unique to the user, embeds the encrypted document certification information and serial number in the mark having the identity authentication information embedded therein, and affixes the mark at a selected position in the document.

[0045] The mark certification processor 314 performs the identity authentication operation by extracting identity authentication information from a mark affixed in a document, collating a public key attached thereto for decoding the identity authentication information with a corresponding public key stored in a public key DB 309 to check for coincidence therebetween, decoding and displaying, in the case of coincidence, the identity authentication information extracted from the mark with use of the public key, and displaying, in the case of non-coincidence, an error message; and also performs the data certification operation by extracting document certification information from the mark affixed in the document, decoding the document certification information with use of the public key, extracting featured information from the document affixed with the mark, comparing the featured information extracted from the document with the featured information in the document certification information extracted from the mark to check for coincidence therebetween, displaying, in the case of coincidence, the document certification information, and displaying, in the case of non-coincidence, an error message. The public key storage processor 315 receives the public key for decoding of the identity authentication information from the mark management server 101 and stores the public key in the public key DB 309.
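
The sealing and certification flow of paragraphs [0017] to [0019] and [0044] to [0045], as an added Python example that is not part of the patent text; it implements the variant that embeds the original information together with its digital signature. It assumes SHA-256 as the featured information, least-significant-bit embedding as the invisible watermark, one toy textbook-RSA key pair for both identity and document information, and constructed names, design and document.

```python
# Added example, not from the patent. Assumptions: SHA-256 as the "featured
# information", LSB embedding as the watermark, textbook RSA on known Mersenne
# primes (unpadded, trivially factorable: illustration only), constructed data.
import hashlib
import json

E = 65537  # public exponent of the toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: returns ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def feature(data):
    """Featured information of a byte string (assumed: SHA-256 hex digest)."""
    return hashlib.sha256(data).hexdigest()

def _digest(info):
    return int(feature(json.dumps(info, sort_keys=True).encode()), 16)

def sign(info, secret):
    n, d = secret
    return pow(_digest(info), d, n)

def signature_ok(info, sig, public):
    n, e = public
    return isinstance(sig, int) and 0 <= sig < n and pow(sig, e, n) == _digest(info)

def embed(design, payload):
    """Invisible watermark: 4-byte length + payload in the low bit of each pixel."""
    blob = len(payload).to_bytes(4, "big") + payload
    if len(blob) * 8 > len(design):
        raise ValueError("mark design too small for payload")
    mark = bytearray(design)
    for i in range(len(blob) * 8):
        mark[i] = (mark[i] & 0xFE) | ((blob[i // 8] >> (7 - i % 8)) & 1)
    return mark

def extract(mark):
    def read(first_bit, nbytes):
        bits = [mark[first_bit + i] & 1 for i in range(nbytes * 8)]
        return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    length = int.from_bytes(read(0, 4), "big")
    if (4 + length) * 8 > len(mark):
        raise ValueError("no embedded payload")
    return read(32, length)

def seal(design, identity, document, serial, public, secret):
    """Mark sealing: embed signed identity and document certification information."""
    cert = {"feature": feature(document), "serial": serial}
    payload = {"identity": identity, "identity_sig": sign(identity, secret),
               "doc_cert": cert, "doc_sig": sign(cert, secret),
               "public_key": list(public)}
    return embed(design, json.dumps(payload).encode())

def certify(mark, document, key_db):
    """Mark certification: returns (ok, text to display)."""
    try:
        p = json.loads(extract(mark))
        identity, cert = p["identity"], p["doc_cert"]
        id_sig, doc_sig = p["identity_sig"], p["doc_sig"]
        attached = tuple(p["public_key"])
        claimed, serial = cert["feature"], cert["serial"]
        name, issuer = identity["name"], identity["issuer"]
        trusted = key_db.get(issuer)
    except (ValueError, KeyError, TypeError, IndexError):
        return False, "error: no readable mark"
    # Trust comes from the local key DB; the attached key is only collated with it.
    if trusted is None or attached != trusted:
        return False, "error: attached key does not match key DB"
    if not signature_ok(identity, id_sig, trusted):
        return False, "error: identity authentication failed"
    if not signature_ok(cert, doc_sig, trusted) or claimed != feature(document):
        return False, "error: document certification failed"
    return True, f"{name} ({issuer}), seal serial {serial}"

SERVER_PUB, SERVER_SEC = toy_keypair(2**127 - 1, 2**521 - 1)
FORGER_PUB, FORGER_SEC = toy_keypair(2**107 - 1, 2**607 - 1)
KEY_DB = {"Example Corp": SERVER_PUB}  # constructed public key DB entry
DESIGN = bytearray((x * 7 + y * 13) % 256 for y in range(128) for x in range(128))
IDENTITY = {"name": "Employee 0001", "issuer": "Example Corp"}  # constructed
DOC = b"Purchase order: 10 units"  # constructed document

def demo():
    mark = seal(DESIGN, IDENTITY, DOC, 1, SERVER_PUB, SERVER_SEC)
    forged = seal(DESIGN, IDENTITY, DOC + b"0", 1, FORGER_PUB, FORGER_SEC)
    return {
        "genuine": certify(mark, DOC, KEY_DB),
        "altered": certify(mark, DOC + b"0", KEY_DB),
        "forged": certify(forged, DOC + b"0", KEY_DB),
        "unmarked": certify(DESIGN, DOC, KEY_DB),
        "max_pixel_change": max(abs(a - b) for a, b in zip(DESIGN, mark)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The forged case is a self-consistent mark whose attached key verifies its own signatures; it is rejected only because the attached key is collated with the entry already held in the key DB, which is why that DB must be populated through the authenticated channel of paragraph [0041].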

[0046] A program for causing the employee terminal 111 to function as the mark registration processor 312, mark sealing processor 313, mark certification processor 314 and public key storage processor 315 is assumed to be stored in a recording medium such as a CD-ROM, recorded in a magnetic disk or the like, and then loaded in the memory to be executed. The medium for recording the program may be any medium other than the CD-ROM.

[0047] As shown in Fig. 3, the employee terminal 111 in the present embodiment has a display unit 301, an input device 302, a communication network interface 303, a public key DB interface 304, a storage device 305, a CPU 306 and a memory 307, these devices being interconnected by means of a bus 300. When it is desired to use such a design as so far used in the real world, the design may be read into the terminal computer in the form of a bit map or the like with use of an image scanner 308 connected thereto.

[0048] The display unit 301, which comprises a CRT, a liquid crystal display or the like, is used to display a message or the like to the employee 110 using the employee terminal 111. The input device 302, which comprises a keyboard or a mouse, is used for the employee 110 using the employee terminal 111 to enter data or instructions. The communication network interface 303 performs data transfer with the mark management server 101 or employee terminal 111B via the communication network 120.

[0049] The public key DB interface 304 performs data transfer when the public key DB 309 is present. The storage device 305, which comprises a hard disk, floppy disk or the like, is used to permanently store programs or data to be used at the employee terminal 111.

[0050] The CPU 306 performs general control over the constituent elements of the employee terminal 111 and performs various sorts of calculating operations. The memory 307 temporarily stores therein such programs necessary for the CPU 306 to perform the above operations as an operating system (OS) 310, a groupware system 311, a mark certification processor 314 and a mark information storage 316.

[0051] In this case, the OS 310 is a program for realizing functions of file management, process management and device management to perform control of the entire employee terminal 111. The groupware system 311 functions to perform transfer of digital data with inside and outside my corporation to display necessary data, and has an interface with the mark certification processor 314 to process authentication information attached to the digital data. In this connection, the groupware system 311 is not limited to a specific groupware system, but may be any type of system so long as it is an application system for handling the digital data. In some cases, the mark certification processor 314 may be an independent application system running on the OS 310.

[0052] The mark registration processor 312 acts to create a design for mark registration, transmits a mark registration request to the mark management server 101, and receives a mark from the mark management server 101.

[0053] The mark sealing processor 313 performs operations for the employee 110 to digitally affix a signature or a seal upon digital data at the employee terminal 111. More specifically, the mark sealing processor 313 displays necessary digital data, calls a mark corresponding to the ID of the employee when a password for the employee ID is entered, embeds, in a specific block, information obtained by encrypting selected document certification information and signature/seal information such as a seal serial number, etc. of the mark with use of a unique secret key, and affixes the mark at a specified position in the document.

[0054] The mark certification processor 314 checks the sender or contents of the digital data received at the employee terminal 111 of the employee 110. In more detail, the mark certification processor 314 displays necessary digital data, displays the identity authentication information embedded in the mark after decoding it with use of a public key previously distributed from the mark management server 101, displays the document certification information embedded in the mark after decoding it with use of the public key attached to the mark, displays an error message when the document certification information cannot be decoded with use of the public key, checks information such as the expiration date and file name of the displayed digital data, and modifies the above design to an invalid design when judging the data invalid.

[0055] The mark information storage 316 temporarily stores therein the mark or public key called at the employee terminal 111 by the mark certification processor 314.

[0056] When a plurality of public keys are required for confirmation of the identity authentication information as in network transactions between corporations, the public key DB 309 is arranged to be connected to the employee terminal 111 or communication network 120 so that the mark public key management DB 211 can transmit the necessary public keys to the public key DB interface 304 and thus the employee can look up these keys on the employee terminal 111. When marks are used only in a corporation intra-net, the public keys may be previously given to the employee terminal 111, and how to store the public keys is not limited.

[0057] Fig. 4 shows an example of data of the mark management DB 210 in the present embodiment. The mark management DB 210 stores therein employee IDs 401, seal IDs 402, names 403, mail addresses 404, department/position information 405 and seal images 406 according to a specific representation format. When a new mark was registered or the existing mark department/position information 405 was modified, for example, the mark management DB 210 is updated.

[0058] Fig. 5 shows an example of data of the mark public key management DB 211 in the present embodiment. The mark public key management DB 211 stores therein data numbers 501, mark managers 502, manager addresses 503 and public key data 504 as integrally shown according to a specific representation format. The mark public key management DB 211 is a DB for managing the public key data 504 for identity authentication. When a corporation having a new mark was added or when the public key data 504 was modified, the mark public key management DB 211 is updated. In this connection, when an expiration date or the like is previously set for the public key data 504, the mark public key management DB 211 also manages the expiration date data.

[0059] Fig. 6 shows an example of data of the identity authentication data in the present embodiment. Fig. 6 shows an example of the identity authentication data when the mark management processor 221 embeds the identity authentication information in a seal image in response to a request from the employee 110 in the mark management server 101.

[0060] Seal ID 601, name 602, mail address 603 and section/position 604 are encrypted by the mark management processor 221 with use of a secret key managed by the mark management server 101, and then embedded as a mark entity. Upon the embedding, as in the case of a seal image 802 shown in Fig. 8 for example, an invisible watermark is embedded in a name part of the seal image and a corporation name is embedded in the form of a visible watermark. That is, in the present invention the seal image is previously divided into two or more blocks and identity authentication information is embedded in a specific one of the blocks. In the case of a seal such as a corporation seal, a section of the signature/seal in charge can be used as the identity authentication information in some cases.

[0061] Fig. 7 shows an example of data of the document certification data in the present embodiment. More specifically, Fig. 7 shows an example of the document certification data embedded as document certification information when the employee 110 affixes a mark in digital data on the employee terminal 111.

[0062] The mark sealing processor 313 of the employee terminal 111 encrypts a seal ID 701, mark sealing serial NO. 702, a creation date 703, expiration date 704, file name 705, terminal ID 706 and digital data feature information 707, with use of a secret key managed by the mark sealing processor 313 at the employee terminal 111, and then embeds the encrypted information as a mark entity. As in the case of a seal image 803 shown in Fig. 8 for example, document certification information is embedded in a peripheral part of the seal image other than a block having the identity authentication information embedded therein.

[0063] The digital data feature information 707 includes, for example, a so-called "checksum" obtained by adding character data codes regarded as numerical values, and a compressed document having the contents of the digital data.

[0064] Shown in Fig. 7 is an example of data of the mark log management DB 212. The mark sealing processor 313 of the employee terminal 111 transmits such data as shown in Fig. 7 to the mark management server 101 as log information at the time of affixing a signature/seal, and the mark management processor 221 stores the log information in the mark log management DB 212.

[0065] In this case, it is assumed that data necessary for the identity authentication and document certification are not limited to the examples of Figs. 6 and 7, but data for the authentication and the certification may include any conditions required as record information of electronic data at the time of obtaining the certification of ISO 9001.

[0066] Fig. 8 shows examples of seal and mark 
images in the present embodiment. The identity authen- 
tication information is embedded in such a seal image 
801 as shown in the drawing. In this case, the seal 
image is previously divided into two or more blocks so 
that the identity authentication information and docu- 
ment certification information are embedded in specific 
ones of the blocks. 

[0067] For example, the block division is carried out in such a manner that the identity authentication information is embedded in a name part and in a corporation name part of visible watermark as in the case of the seal image 802 and the document certification information is embedded in a peripheral part of the seal image as in the case of the seal image 803. When the certification information is decoded in the mark certification processor 314 of the employee terminal 111, information embedded in the corresponding block is automatically extracted.

[0068] A design of an individual private seal has been employed as the seal image design example in the seal image 801. However, the design is not limited to the design example of the seal image 801, but a design such as a dated corporation section seal or a sign may be employed, or at the time of using the design as a corporation seal, its corporation title can be employed. In this connection, it is important that the seal image design be not a mere image design but such a seal image design as to give a reliable impression as if the certification information were embedded.

[0069] Explanation will next be made as to the operation of the electronic authentication system in accordance with the present embodiment. Fig. 9 shows an example of initial display screen image in the present embodiment. More specifically, Fig. 9 shows an example of an initial display screen image of the electronic authentication system displayed on the employee terminal 111.

[0070] The initial screen 900 includes a digital data display area 901 for display of a necessary digital document or the like, a mark function display area 902 having mark function icons arranged thereon, and a basic function display area 903 having basic function icons of, e.g., OK, cancel and file arranged thereon. However, the area array of the initial screen 900 is given as merely an example and is not limited to the illustrated array.

[0071] Fig. 10 is a flowchart showing a procedure of mark registering operations in the present embodiment. More specifically, Fig. 10 shows flows of mark registering operations between the employee terminal 111 and mark management server 101.

[0072] When the employee 110 first clicks a registration button in the mark function display area 902 on the initial screen 900 of Fig. 9, the mark registration processor 312 transmits a mark registration request to the mark management server 101 (step 1001). The mark management server 101, when receiving the mark registration request, reads out, at the mark management processor 221, the mail address 404 of the request originator from the mark management DB 210 on the basis of the employee ID 401 of the registration request originator, and transmits a mark request/modification confirmation request to the mail address 404 of the request originator (steps 1002 and 1003).

[0073] The mark registration processor 312 of the employee terminal 111 receiving the confirmation request transmits, together with a result of the mark request confirmation, a to-be-registered or to-be-modified seal image design created with use of an image scanner or the like to the mark management server 101 (steps 1004 and 1005). The seal or signature image design may be created through digital data processing by use of a digital camera and digital contents preparation software in place of using the scanner.

[0074] The mark management server 101, when receiving the seal image and the mark request confirmation result, encrypts, at the mark management processor 221, the identity authentication information with use of the secret key of the mark management server 101 managed thereby, and embeds the encrypted identity authentication information in the received seal image design (step 1008).

[0075] After the mark management server 101 updates information on the mark registered or modified in the mark management DB 210 (step 1009), the created mark is distributed, together with a public key for decoding the identity authentication information, to the employee 110 of the request originator in the form of a floppy disk (FD) (step 1010). The employee 110 stores the distributed mark in the employee terminal 111 (steps 1011 and 1012).

[0076] Fig. 11 is a flowchart showing a procedure of mark sealing operations in the present embodiment. More specifically, Fig. 11 shows flows of affixing a mark upon a document having document certification information embedded therein at the employee terminal 111. Fig. 12 shows images of a processing display screen corresponding to the processing flow of Fig. 11 in the present embodiment. By referring to Figs. 11 and 12 and also Fig. 9, the aforementioned processing flow will be explained.

[0077] The employee 110 first selects document data to be sealed with use of a file button in the basic function display area 903 to display the selected document data in the digital data display area 901 (step 1101).

[0078] When the operator clicks a mark call button 
in the mark function display area 902, the mark sealing 
processor 313 causes appearance of input columns of 
the employee ID 401 and password like a processing 
screen image 1201 in Fig. 12 (steps 1102 and 1103). 

[0079] The mark sealing processor 313 collates the entered password with a corresponding password previously stored in the employee terminal 111. When determining a non-coincidence therebetween, the mark sealing processor 313 displays an error message; whereas, when determining a coincidence therebetween, the mark sealing processor 313 displays the mark in the mark column (steps 1104 to 1106).

[0080] When the operator next clicks a document information embed button, the mark sealing processor 313 causes appearance of item columns of document certification information as in a processing screen image 1202 in Fig. 12 (steps 1107 and 1108).

[0081] When the operator selects necessary items and clicks an OK button, the mark sealing processor 313 encrypts the selected document information and a secret key unique to each employee for which a sealing serial number is previously determined to embed the encrypted information in the mark, and attaches a public key for decoding thereof to display the mark in the mark column (steps 1109 to 1113).

[0082] When the operator selects a sealing position and clicks a sealing button in the mark function display area 902, the mark sealing processor 313 affixes the mark at the selected position in the document (steps 1114 to 1116). After the mark is affixed, the illustrated order can be transmitted. In this connection, the mark having the information embedded therein can also be independently transmitted without affixing the mark upon the document. In this connection, the public key unique to the employee and necessary for decoding of the document certification information may be acquired at the time of the identity authentication without being attached to the mark.

[0083] Fig. 13 is a flowchart showing a procedure of identity authenticating operations in the present embodiment. Fig. 14 shows images of the processing display screens corresponding to the processing flow of Fig. 13 in the present embodiment. When the employee 110 first displays digital data having a mark attached therein on the employee terminal 111 as in a processing screen image 1401 in Fig. 14 and then clicks a mark confirmation button, the mark certification processor 314 displays mark confirmation item columns (steps 1301 and 1302).

[0084] When the employee 110 clicks the mark identity authentication item like a processing screen image 1402 in Fig. 14, the mark certification processor 314 extracts the identity authentication information from the mark (step 1303). The public key for decoding of the extracted identity authentication information is collated with a corresponding public key in the employee terminal 111 or in the public key DB 309 to find a coincidence or non-coincidence therebetween (step 1305).

[0085] When determining a coincidence between the above public keys, the mark certification processor 314 decodes the identity authentication information extracted from the mark, and displays contents of the decoded identity authentication information in such a manner as to be able to confirm the contents like a processing screen image 1403 in Fig. 14 (step 1306). When determining a non-coincidence therebetween, the mark certification processor 314 displays an error message (step 1307). Further, when displaying the error message, the mark certification processor 314 modifies the mark to such an invalid design, e.g., by erasing its seal image or applying a mark X thereon (step 1308).

[0086] When it is desired to ask the authorized user to confirm the contents displayed as the identity authentication information, the employee sends a mail addressed to a confirmation request mail address given in the identity authentication information. In this connection, how to display a result of the identity authentication is not limited to the examples of the processing screen image of Fig. 14 but may be arbitrarily modified. For example, the error message can be given in the form of a voice.

[0087] Fig. 15 is a flowchart showing a procedure of document certifying operations in the present embodiment. In beginning steps of the document certifying operation flow, the same parts as those in the identity authenticating operation flow, that is, parts corresponding to the steps 1301 and 1302 in Fig. 13 are omitted in Fig. 15. Fig. 16 shows examples of processing screen images corresponding to the processing flow of Fig. 15 in the present embodiment.

[0088] The employee 110 first clicks mark document certification items on the employee terminal 111 as in a processing screen image 1601 in Fig. 16 (step 1501). The mark certification processor 314 extracts from the mark a public key necessary for decoding of the document information and the document certification information, and decodes the document certification information (steps 1502 to 1504).

[0089] Next, featured information is extracted from digital data of the document having the mark affixed thereupon, and is compared with the featured information 707 of the document certification information extracted from the mark to find a coincidence or non-coincidence between the featured information (steps 1505 and 1506).

[0090] As a result, determination of a non-coinci- 
dence between the featured information means that the 
digital data of the document is different from the digital 
data thereof at the time of its creation. Thus the mark 
certification processor 314 displays an error message 
such as "this data is modified" and modifies the design 
to an invalid design, for example, by erasing the seal 
image or applying a mark X to the seal image (steps 
1507 and 1508). 

[0091] When determining a coincidence between 
the featured information, the mark certification proces- 
sor 314 further confirms information on expiration date, 
etc. If OK, then the mark certification processor 314 dis- 
plays the document information like a step processing 
screen image 1602 for confirmation (steps 1509 and 
1510). When the expiration date 704 is already expired, 
then the mark certification processor 314 modifies the 
design to an invalid design, for example, by erasing the 
seal image or applying a mark X to the seal image (step 
1508). In this connection, how to display the document 
certification result is not limited to the processing screen 
image example of Fig. 16. For example, the error mes- 
sage may be given in the form of a sound. 

[0092] For the purpose of preventing a third party from illegally sealing a design, a password may be employed. For increasing the security, however, the password can be managed in the form of an ID card so that, when the password is used, the password can be read out from the ID card by the mark certification processor 314. In this case, when the password is previously encrypted, the security can be further increased.

[0093] For the purpose of avoiding such illegal mark use that an unauthorized person gets another's mark having identity authentication information alone embedded therein and embeds document information in the mark with use of his secret key to use it illegally, the mark sealing serial NO. 702 for example is employed. When the authorized user affixes the mark having the document certification information embedded therein at the employee terminal 111, the mark sealing serial NO. 702 is automatically transmitted to the mark management server 101 as log history information, whereby such illegal use can be checked by managing the log information in the mark log management DB 212.
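
The checks of paragraphs [0087] to [0093] in one place, as an added example that is not part of the patent: `certify` applies the decode, feature-comparison and expiration steps, and the optional `seal_log` lookup models the serial-number log of [0093], which is what rejects a mark re-sealed under another key. Assumptions: a toy textbook RSA signature over the fields stands in for "encrypt with the secret key, decode with the public key", SHA-256 stands in for feature information 707, and all function names, status strings and the file name `order.doc` are hypothetical.

```python
import hashlib
import json
from datetime import date


def toy_keypair(p, q, e=65537):
    """Textbook RSA from two known primes -> (public, secret). Demo only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _digest(info, n):
    """Hash the certification fields in canonical order, reduced below n."""
    blob = json.dumps(info, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def feature(document):
    """Stand-in for feature information 707 (assumption: SHA-256 of the data)."""
    return hashlib.sha256(document).hexdigest()


def seal(document, fields, keypair):
    """Terminal side: build the Fig. 7 fields, sign them, attach the public key."""
    public, (n, d) = keypair
    seal_id, serial, created, expires, file_name, terminal_id = fields
    info = {
        "seal_id": seal_id, "serial": serial,
        "created": created.isoformat(), "expires": expires.isoformat(),
        "file_name": file_name, "terminal_id": terminal_id,
        "feature": feature(document),
    }
    return {"info": info, "sig": pow(_digest(info, n), d, n), "public_key": public}


def certify(mark, document, today, seal_log=None):
    """Receiver side: steps 1502-1510, then the optional serial-number log check."""
    n, e = mark["public_key"]          # key attached to the mark
    info = mark["info"]
    if pow(mark["sig"], e, n) != _digest(info, n):
        return "DECODE_ERROR"          # fields do not decode under the attached key
    if info["feature"] != feature(document):
        return "MODIFIED"              # steps 1505-1508
    if date.fromisoformat(info["expires"]) < today:
        return "EXPIRED"               # expiration check fails, design invalidated
    if seal_log is not None and (info["seal_id"], info["serial"]) not in seal_log:
        return "NOT_IN_LOG"            # sealing was never reported to the server
    return "VALID"


# Constructed sample data; seal ID, serial number, dates and terminal ID follow Fig. 7.
DOC = b"TO BB CORPORATION\nORDER\nITEM : QUANTITY\n"
FIELDS = ("A00123", "000089", date(1998, 7, 7), date(1998, 12, 31), "order.doc", "PC792")
EMPLOYEE_KEYS = toy_keypair(2**127 - 1, 2**107 - 1)   # Mersenne primes, toy size
OTHER_KEYS = toy_keypair(2**89 - 1, 2**61 - 1)         # a different party's key pair
SEAL_LOG = {("A00123", "000089")}                      # what DB 212 would hold


def demo():
    today = date(1998, 8, 1)
    genuine = seal(DOC, FIELDS, EMPLOYEE_KEYS)
    edited = {**genuine, "info": {**genuine["info"], "expires": "1999-12-31"}}
    # Same seal ID, new serial, signed with a different key and carrying that key.
    resealed = seal(DOC, ("A00123", "000090") + FIELDS[2:], OTHER_KEYS)
    return {
        "genuine": certify(genuine, DOC, today, SEAL_LOG),
        "document changed": certify(genuine, DOC + b"x", today, SEAL_LOG),
        "after expiry": certify(genuine, DOC, date(1999, 1, 1), SEAL_LOG),
        "fields edited": certify(edited, DOC, today, SEAL_LOG),
        "resealed, no log": certify(resealed, DOC, today),
        "resealed, with log": certify(resealed, DOC, today, SEAL_LOG),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:20} {status}")
```

The two "resealed" cases show that a key attached to the mark proves only that the fields match that key; tying the mark to its owner needs the server log or a public key obtained independently, as [0082] allows.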

[0094] As has been explained in the foregoing, the embodiment of the present invention has been explained in connection with examples of the corporation intra-net and inter-corporation network. However, the present invention is not limited to the specific forms. For example, the invention can be applied to general digital data for transactions on network such as an order sheet created when an individual conducts electronic transactions on network. There may be considered such a method that a self-governing body, which has issued a certificate of seal impression so far, becomes a mark management organization and distributes to a mark applicant a mark having his identity authentication information embedded therein and the mark certification processor 314 in the form of a floppy disk (FD) or the like. The digital data may, in some cases, include contents of information including a signature for attendance or vote confirmation, only the signature being digital data. The digital data is not limited to a document but may include still image data of a map or the like or moving image data. A mark having signature data for attendance or open ballot may be transmitted to the manager terminal, the database or the electronic bulletin or board.


Claims 

1. A digital mark certification system for providing a mark for data certification based on a digital mark, comprising:

a mark management processor (221) for embedding certification information of a mark creation demander in a demander's mark design to create a visible mark on a display in response to demander's request; and

a mark distributor (200-222) for distributing a decoding key for decoding of the mark and the visible mark to a demander's terminal device.

2. A system as set forth in claim 1, comprising a decoding key management database for storing the decoding key therein and a decoding key management processor (222) for transmitting the decoding key to a plurality of mark terminal devices connected to the mark management server.

3. A system as set forth in claim 1 or 2, wherein it can be visually recognized on the display that the certification information is embedded in the created mark.

4. A system as set forth in claim 1, 2 or 3, wherein the certification information is obtained by encrypting information including a demander's feature with use of a cryptograph key.

5. A system as set forth in claim 1, 2, 3 or 4, wherein the mark management processor (221) encrypts information including demander's other feature with use of the cryptograph key to create other certification information of the demander in response to a mark updating request and embeds the other certification information in demander's mark design to create the mark.

6. A system as set forth in claim 1, 2, 3, 4 or 5, wherein, in response to the mark creating request, the mark management processor (221) embeds in the mark design the other certification information that it cannot be visually recognized on the display that the other certification information is embedded in the mark.

7. A system as set forth in claim 6, wherein the certifi- 
cation information and the other certification infor- 
mation are embedded in different positions divided 
in the mark. 

8. A terminal device for attaching a mark for data cer- 
tification based on a digital mark to digital data, 
comprising: 

a mark processor (312) for transmitting a mark 
creation request to a digital mark certification 
system, for receiving from the system a mark 
obtained by encrypting information including 
demander's feature with use of a cryptograph 
key and embedding the certification informa- 
tion in demander's mark design, and for storing 
the mark therein; 

a decoding key database (315) for receiving 
and storing a decoding key for decoding of the 
mark; and 

a transmitter (303) for encrypting log informa- 
tion on the digital data with use of the crypto- 
graph key, embedding the encrypted log 
information in the mark, and transmitting the 
mark together with the digital data. 

9. An electronic seal authentication system comprising:

at least one client terminal; and

at least one mark management server for managing a mark to be used at the client terminal,

wherein the mark management server, when receiving a mark registration or modification request from the client terminal, embeds information necessary for identity authentication of a digital data creator in the mark and transmits the information-embedded mark to the client terminal, and the client terminal includes means for embedding information necessary for document certification of the digital data in the mark and means for performing either one or both of the identity authentication and document certification of the digital data.

10. An electronic seal authentication system as set forth in claim 9, wherein the means for performing either one or both of the identity authentication and document certification creates a visible seal mark by adding the information necessary for identity authentication in one of blocks of data of an image at the time of issuing the mark and by adding the information necessary for the document certification in another one of the blocks at the time of sending the document.

11. A digital mark authentication method for providing a mark for data certification based on a digital mark comprising:

a step (1008) of embedding certification infor- 
mation of a mark creation demander in a 
demander's mark design to create a visible 
mark on a display in response to demander's 
request; and 

a step (1010) of distributing a decoding key for 
decoding of the mark and the visible mark to a 
demander's terminal device. 



12. A method as set forth in claim 11, comprising a step (1010) of transmitting the decoding key to a plurality of mark terminal devices connected to the mark management server from a decoding key management database for storage of the decoding key.

13. A method as set forth in claim 11 or 12, wherein it can be visually recognized on the display that the certification information is embedded in the created mark.

14. A method as set forth in claim 11, 12 or 13, comprising a step of encrypting information including a demander's feature with use of a cryptograph key to obtain the certification information.

15. A method as set forth in claim 11, 12, 13 or 14, comprising a step of encrypting information including demander's other feature with use of the cryptograph key to create other certification information of the demander in response to a mark updating request and embedding the other certification information in demander's mark design to create the mark.

16. A method as set forth in claim 11, 12, 13, 14 or 15, comprising a step of, in response to the mark creation request, embedding in the mark design the other certification information that it cannot be visually recognized on the display that the other certification information is embedded in the mark.

17. A method as set forth in claim 16, wherein the certification information and the other certification information are embedded in different positions divided in the mark.

18. A method for operating a terminal device for attaching a mark for data certification based on a digital mark to digital data, comprising:

a step (1011) of transmitting a mark creation request to a digital mark certification system, for receiving from the system a mark obtained by encrypting information including demander's feature with use of a cryptograph key and embedding the certification information in demander's mark design, and for storing the mark therein;

a step (1012) of receiving and storing a decoding key for decoding of the mark; and

a step (1116) of encrypting log information on the digital data with use of the cryptograph key, embedding the encrypted log information in the mark, and transmitting the mark together with the digital data.

19. A digital mark certification program for providing a mark for data certification based on a digital mark, comprising:

a step (1008) of embedding certification information of a mark creation demander in a demander's mark design to create a visible mark on a display in response to demander's request; and

a step (1010) of distributing a decoding key for decoding of the mark and the visible mark to a demander's terminal device.

20. A program running on a terminal device for attaching a mark for data certification based on a digital mark to digital data, comprising:

a step (1011) of transmitting a mark creation request to a digital mark certification system, receiving from the system a mark obtained by encrypting information including demander's feature with use of a cryptograph key and embedding the certification information in demander's mark design, and for storing the mark therein;

a step (1012) of receiving and storing a decoding key for decoding of the mark; and

a step (1116) of encrypting log information on the digital data with use of the cryptograph key, embedding the encrypted log information in the mark, and transmitting the mark together with the digital data.






FIG. 1 [Diagram labels: AA CORPORATION SYSTEM MANAGEMENT SECTION 100A with SEAL MARK MANAGEMENT SERVER 101A and AA CORPORATION SYSTEM MANAGER; BB CORPORATION SYSTEM MANAGEMENT SECTION 100B with SEAL MARK MANAGEMENT SERVER 101B and BB CORPORATION SYSTEM MANAGER; COMMUNICATION NETWORK 120A, 120B; EMPLOYEE TERMINAL 111A, 111B; AA CORPORATION EMPLOYEE 110A; BB CORPORATION EMPLOYEE 110B; 112 SCREEN IMAGE (TO BB CORPORATION, ORDER, ITEM : QUANTITY).]






[Figure: example of data of the mark management DB 210, as described in paragraph [0057]. Table columns: EMPLOYEE ID, SEAL ID, NAME, MAIL ADDRESS, SECTION/POSITION, ETC., SEAL IMAGE.]








FIG. 5

NO. (501)   SEAL MARK MANAGER (502)              MANAGER ADDRESS (503)   PUBLIC KEY (504)
1           A CORPORATION SEAL MARK MANAGEMENT   im@aa.co.jp             pw****g|*****qqm*
2           B CORPORATION SEAL MARK MANAGEMENT   im@bb.co.jp             *ajk**yu*****aqz*r











FIG. 6

601   SEAL ID                   A00123
602   NAME                      AIKAWA TARO
603   MAIL ADDRESS              Aikawa@aa.co.jp
604   SECTION/POSITION, ETC.    ...DIVISION, GENERAL MANAGER









FIG. 7

701   SEAL ID                        A00123
702   SERIAL NO.                     000089
703   CREATION DATE                  1998.7.7
704   EXPIRATION DATE                1998.12.31
705   FILE NAME                      158.2**/**. doc
706   TERMINAL ID                    PC792
707   FEATURED INFORMATION OF DATA   ********



FIG. 8 






FIG. 9 [Screen layout: 900 INITIAL SCREEN IMAGE; 901 DIGITAL DATA DISPLAY AREA; 902 MARK FUNCTION DISPLAY AREA with buttons SEAL REGISTRATION, SEAL CALL, DOCUMENT INFORMATION, SEAL, CONFIRMATION; 903 BASIC FUNCTION DISPLAY AREA with buttons OK, CANCEL, FILE, HELP.]



18 



FIG. 10

[Flowchart between EMPLOYEE TERMINAL and MARK MANAGEMENT SERVER. Steps:
1001 REQUIRE MARK REGISTRATION/MODIFICATION
1002 RECEIVE MARK REGISTRATION/MODIFICATION REQUEST
1003 ASK MARK REQUEST ORIGINATOR'S CONFIRMATION
1004 RECEIVE MARK REQUEST ORIGINATOR'S CONFIRMATION REQUEST
1005 CREATE SEAL IMAGE DESIGN
1006 TRANSMIT SEAL IMAGE AND RECEPTION RESULT OF MARK REQUEST CONFIRMATION
1007 EMBED IDENTITY AUTHENTICATION INFORMATION IN SEAL IMAGE
1009 UPDATE MARK MANAGEMENT DB
1010 DISTRIBUTE MARK
END
Other labels: IMAGE SCANNER. Other reference numerals: 210, 308, 1011.]



FIG. 11

[Flowchart for EMPLOYEE TERMINAL 111. Steps:
1101 DISPLAY SELECTED DOCUMENT DATA
1102 RECOGNIZE CLICKED MARK CALL BUTTON
1103 DISPLAY INPUT COLUMNS OF EMPLOYEE ID AND PASSWORD
1104 COLLATE INPUT PASSWORD (branches OK / NG)
1105, 1106 DISPLAY MARK IN MARK COLUMN; DISPLAY ERROR MESSAGE "PASSWORD IS WRONG"
1107 RECOGNIZE EMBED BUTTON OF CLICKED DOCUMENT CERTIFICATION INFORMATION
1108 DISPLAY OF EMBED ITEM COLUMN OF DOCUMENT CERTIFICATION INFORMATION
1109 RECOGNIZE EMBED ITEM OF CLICKED DOCUMENT CERTIFICATION INFORMATION
1110 ENCRYPT DOCUMENT CERTIFICATION INFORMATION AND SEAL SERIAL NO.
1111 EMBED ENCRYPTED DOCUMENT CERTIFICATION INFORMATION AND SEAL SERIAL NO. IN MARK
1112 ATTACH PUBLIC KEY TO MARK HAVING DOCUMENT CERTIFICATION INFORMATION EMBEDDED THEREIN
1113 DISPLAY SEAL MARK HAVING DOCUMENT CERTIFICATION INFORMATION EMBEDDED THEREIN IN MARK COLUMN
1114 RECOGNIZE SEAL POSITION OF SET MARK
1115 RECOGNIZE SEAL BUTTON OF CLICKED MARK
1116 AFFIX MARK UPON DOCUMENT
END]



FIG. 12

[Figure: three screen images, 1201, 1202 and 1203. Button labels appearing on the screens: SEAL REGISTRATION, SEAL CALL, DOCUMENT INFORMATION, SEAL, CONFIRMATION, OK, CANCEL, FILE, HELP.
1201: dialog "CALL OF SEAL MARK" with ID and PASSWORD fields and OK / CANCEL.
1202: document "ORDER ...SYSTEM" with a SEAL MARK and the dialog "EMBEDDING OF DOCUMENT INFORMATION" (items: TITLE; CREATION DATE, year / month / day; FILE NAME; EXPIRATION DATE, year / month / day; FEATURED INFORMATION OF DOCUMENT; OK / CANCEL).
1203: document "ORDER ...SYSTEM" with a MARK.]



FIG. 13

[Flowchart for EMPLOYEE TERMINAL, with PUBLIC KEY DB. Box labels, in scan order:
RECOGNIZE CONFIRMATION BUTTON OF CLICKED MARK
DISPLAY CONFIRMATION ITEM COLUMN OF MARK
RECOGNIZE IDENTITY AUTHENTICATION ITEM OF CLICKED MARK
EXTRACT IDENTITY AUTHENTICATION INFORMATION FROM MARK
(decision with NG branch)
DECODE IDENTITY AUTHENTICATION INFORMATION FOR CONFIRMATION AND DISPLAY
ERROR MESSAGE "PUBLIC KEY NOT PRESENT"
MODIFY SEAL IMAGE TO INVALID DESIGN
END
Reference numerals: 308, 1301 to 1308.]



FIG. 14

[Figure: three screen images, 1401, 1402 and 1403, each showing the document "ORDER ...SYSTEM". Button labels appearing on the screens: SEAL REGISTRATION, SEAL CALL, DOCUMENT INFORMATION, SEAL, CONFIRMATION, OK, CANCEL, FILE, HELP.
1402: dialog "CONFIRMATION OF SEAL MARK" with the items IDENTITY AUTHENTICATION and DOCUMENT CERTIFICATION and OK / CANCEL.
1403: panel "IDENTITY AUTHENTICATION" showing:
NAME : AIKAWA TARO
SECTION : ...DIVISION
POSITION : GENERAL MANAGER
MAIL : aikawa@aa.co.jp]



FIG. 15

[Flowchart for EMPLOYEE TERMINAL 111. Box labels, in scan order:
RECOGNIZE DOCUMENT CERTIFICATION ITEM OF CLICKED MARK
EXTRACT DOCUMENT INFORMATION DECODING KEY FROM MARK
EXTRACT DOCUMENT INFORMATION FROM MARK
DECODE DOCUMENT INFORMATION EXTRACTED FROM MARK
EXTRACT FEATURED INFORMATION FROM DOCUMENT
CONFIRM AND DISPLAY DOCUMENT CERTIFICATION INFORMATION
ERROR MESSAGE "THE DATA IS MODIFIED"
MODIFY SEAL IMAGE TO INVALID DESIGN
END
Reference numerals: 1501 to 1508, 1510.]



FIG. 16

[Figure: two screen images, 1601 and 1602, each showing the document "ORDER ...SYSTEM". Button labels appearing on the screens: SEAL REGISTRATION, SEAL CALL, DOCUMENT INFORMATION, SEAL, CONFIRMATION, OK, CANCEL.
1601: dialog "SEAL MARK CONFIRMATION" with the items IDENTITY AUTHENTICATION and DOCUMENT CERTIFICATION and OK / CANCEL.
1602: panel "DOCUMENT CERTIFICATION" showing:
TITLE : ...SYSTEM ORDER
CREATION DATE : 1998.7.7
EXPIRATION DATE : 1998.12.31
"DATA NOT MODIFIED"]



(19) Europäisches Patentamt
European Patent Office
Office européen des brevets

(11) EP 1 003 127 A3

(12) EUROPEAN PATENT APPLICATION

(88) Date of publication A3: 11.12.2002 Bulletin 2002/50

(43) Date of publication A2: 24.05.2000 Bulletin 2000/21

(51) Int. Cl.7: G06T 1/00, H04N 1/32

(21) Application number: 99308566.1

(22) Date of filing: 28.10.1999

(84) Designated Contracting States: AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE
Designated Extension States: AL LT LV MK RO SI

(30) Priority: 30.10.1998 JP 30980698

(71) Applicant: Hitachi, Ltd.
Chiyoda-ku, Tokyo (JP)

(72) Inventors:
• Tsuchiyama, Chikako
Tokyo (JP)
• Toyoshima, Hisashi
Hachioji-shi (JP)
• Nagai, Yasuhiko
Tokyo (JP)

(74) Representative: Calderbank, Thomas Roger et al
MEWBURN ELLIS
York House
23 Kingsway
London WC2B 6HP (GB)

(54) Digital signature or electronic seal authentication system and recognized mark management program

(57) A mark management server (101) for certifying digital data based on a digital mark to enable realization of identity authentication and data certification when the digital data is transmitted or received on a network (120A, 120B, 108). The server includes a mark management processor (221) for receiving a mark registration request demanding a new registration or updating of the mark from a mark terminal device (111), embedding identity authentication information obtained by encrypting information for identity authentication of a request originator with use of a cryptograph key in a mark design of the request originator to create a mark, and distributing the created mark to the request originator together with a decoding key for decoding of the identity authentication information attached thereto, and a mark decoding key management processor for registering the decoding key for decoding of the encrypted identity authentication information in a mark decoding key management DB and transmitting the registered decoding key to the associated mark terminal device (111).



FIG. 1

[Figure: system overview. Labels: AA CORPORATION SYSTEM MANAGEMENT SECTION; AA CORPORATION SYSTEM MANAGER; BB CORPORATION SYSTEM MANAGEMENT SECTION; BB CORPORATION SYSTEM MANAGER; SEAL MARK MANAGEMENT SERVER (two instances); COMMUNICATION NETWORK (two instances); EMPLOYEE TERMINAL; SCREEN IMAGE showing an order form "TO BB CORPORATION" with "ITEM : QUANTITY" and "BB CORPORATION EMPLOYEE". Reference numerals: 100A, 100B, 101A, 101B, 110A, 110B, 111B, 112, 120A, 120B.]


Printed by Jouve, 75001 PARIS (FR) 



EUROPEAN SEARCH REPORT

European Patent Office
Application Number: EP 99 30 8566

DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document with indication, where appropriate, of relevant passages:

• US 5 040 142 A (MORI KENJIRO ET AL), 13 August 1991 (1991-08-13)
  * column 3, line 53 - column 5, line 37 *
• EP 0 853 294 A (IBM), 15 July 1998 (1998-07-15)
  * page 3, line 28 - page 5, line 52 *
• EP 0 676 877 A (IBM), 11 October 1995 (1995-10-11)
  * abstract *
  * page 3, line 56 - line 58 *
• US 5 432 618 A (MONNOT JEROME ET AL), 11 July 1995 (1995-07-11)
• WO 97 38531 A (OBSIDIAN IMAGING INC), 16 October 1997 (1997-10-16)
• FR 2 726 953 A (GEMPLUS CARD INT), 15 May 1996 (1996-05-15)

Category column, as scanned (row alignment lost): Y, Y, A, A, [illegible], A, A
Relevant to claim column, as scanned (row alignment lost): 1-3,6,9-13,16,19; 1-3,6,9-13,16,19; 8,18,20; 4,5,14,15

CLASSIFICATION OF THE APPLICATION (Int.Cl.7): G06T1/00, H04N1/32
TECHNICAL FIELDS SEARCHED (Int.Cl.7): H04N

The present search report has been drawn up for all claims.

Place of search: THE HAGUE
Date of completion of the search: 17 October 2002
Examiner: Hazel, J

CATEGORY OF CITED DOCUMENTS
X : particularly relevant if taken alone
Y : particularly relevant if combined with another document of the same category
O : non-written disclosure
P : intermediate document
T : theory or principle underlying the invention
E : earlier patent document, but published on, or after the filing date
D : document cited in the application
L : document cited for other reasons
& : member of the same patent family, corresponding document



ANNEX TO THE EUROPEAN SEARCH REPORT
ON EUROPEAN PATENT APPLICATION NO. EP 99 30 8566

This annex lists the patent family members relating to the patent documents cited in the above-mentioned European search report.
The members are as contained in the European Patent Office EDP file on 17-10-2002.
The European Patent Office is in no way liable for these particulars which are merely given for the purpose of information.

Patent document cited    Publication    Patent family        Publication
in search report         date           member(s)            date

US 5040142 A             13-08-1991     JP 1195568 A         07-08-1989

EP 0853294 A             15-07-1998     US 5875249 A         (illegible in scan)
                                        EP 0853294 A2        (illegible in scan)
                                        JP 10208026 A        (illegible in scan)
                                        KB 265143 B1         (illegible in scan)

EP 0676877 A             11-10-1995     GB 2288476 A         18-10-1995
                                        EP 0676877 A2        11-10-1995
                                        US 5912974 A         15-06-1999

US 5432618 A             11-07-1995     FR 2681490 A1        19-03-1993
                                        DE 69200087 D1       05-05-1994
                                        DE 69200087 T2       01-09-1994
                                        EP 0532381 A1        17-03-1993
                                        ES 2056698 T3        01-10-1994
                                        JP 5244441 A         21-09-1993

WO 9738531 A             16-10-1997     US 5862218 A         19-81-1999 [as scanned]
                                        EP 0966839 A1        29-12-1999
                                        JP 2001517383 T      02-10-2001
                                        WO 9738531 A1        16-10-1997

FR 2726953 A             15-05-1996     FR 2726953 A1        15-05-1996
                                        CA 2206135 A1        23-05-1996
                                        DE 69514004 D1       20-01-2000
                                        DE 69514004 T2       27-04-2000
                                        EP 0792553 A1        03-09-1997
                                        ES 2144152 T3        01-06-2000
                                        WO 9615621 A1        23-05-1996
                                        JP 9512114 T         02-12-1997

For more details about this annex: see Official Journal of the European Patent Office, No. 12/82






